[dns-operations] [Ext] Re: (struct DNSSEC_DNSKEY_RR *) Exponent lengths
Viktor Dukhovni
ietf-dane at dukhovni.org
Fri Aug 10 12:43:42 UTC 2018
> On Aug 10, 2018, at 7:00 AM, Tony Finch <dot at dotat.at> wrote:
>
> All the common tools use 65537 by default - BIND dnssec-keygen,
> ldns-keygen, OpenSSL genrsa, OpenSSH ssh-keygen, gpg ... as a hedge
> against another padding screwup like CVE-2006-4339.
Yes, Adam's confidence that the issue is behind us, and won't come
back may be too optimistic given the possibility of some resolver
using a bespoke crypto library that never got the message. On
the other hand, should we miss out on gaining a noticeable factor
in resolver throughput to make sure that a tiny fraction of oddball
resolvers are safe? Perhaps exponent=3 is the better tradeoff?
Of course if the future (barring a sudden QC breakthrough) is EdDSA
(and perhaps online signing), then the choice of RSA exponents is
moot. Packet sizes are a more pressing issue than CPU bandwidth.
--
Viktor.
More information about the dns-operations
mailing list